PLEASE HELP! My System is Hijaked!

B

Bryan Elwood

My Windows 2000 system has begun to spontaneously dial a foreign country
through my dial-up modem. It occurs at random times throughout the day. If
I am dialed in, the offending entity will hang up with my ISP, then begin
dialing on its own. The bug will make 11 or so attempts before giving up
until later.

Watching Task Manager closely during an episode, there is no noticeable
activity under Processes. However, I believe I have halted the bug in
mid-stream by closing all instances of Internet Explorer 6, unless of course
the bug simply reached its set number of attempts.

My Norton AV expired some time ago, but I am up to date with Windows
Updates. I didn't think anything like this would creep in before I renewed
my license. I have some experience removing viruses manually through the
registry, but this bug has alluded me thus far.

Can anyone suggest a resource for identifying and removing this bug? Or do
you have a preferred software for removing this particular type of bug?

Thanks for any help!
Bryan
 
Q

Quaestor

Bryan Elwood wrote:

>My Windows 2000 system has begun to spontaneously dial a foreign country
>through my dial-up modem.
>



You have a virus/trojan/worm. Get something to scan for it, and if the
first thing you try doesn't find it, keep getting others till one of
them does (I found Kasparsky [with a free trial period] catches things
the others don't notice). Believe me, it's there, probably a rootkit
(very tough to find or remove). Once you know what you have, it will
probably take a removal tool (see symantec and mcaffee sites for those)
to remove it. If all else fails, fdisk, format, and reinstall everything.

AND DON'T LET THIS HAPPEN AGAIN. Do NOT connect to the internet without
a Hardware firewall running (an nforce mobo with separate fw processor
works fine, contrary to what the shills will tell you), do NOT run any
of the fancy crap that comes with IE (in fact, do not run IE, use a real
browser), do NOT run html in mail or news, do NOT open attachments, do
NOT run java, java script, flash, or anything else you don't really
need, and do NOT let anyone else use your machine. DO run anti-virus
protection, email-scanning, etc, and Take No Chances. If you stick to
these rules you May avoid more of this kind of thing in the future.

Also, you want to check your bank accounts, credit cards, game accounts,
everthing else that uses a password, and change those passwords AFTER
you get the machine clean, since it is likely all your personal
information has already been stolen.

Oh, and send billgates a big thankyou for perpetrating the insecure OS
which makes all this horror possible.

--
Those who try to hide behind Godwin are the real net-nazis.
Philosophy: Joking about why we cuss so much.
Learn about spam: http://www.seige-perilous.org/spam/spam.html
[fourth line intentionally left blank]
 
P

Pegasus \(MVP\)

"Bryan Elwood" <belwood1grass@airmail.net> wrote in message
news:eykN8f$zHHA.3600@TK2MSFTNGP04.phx.gbl...
> My Windows 2000 system has begun to spontaneously dial a foreign country
> through my dial-up modem. It occurs at random times throughout the day.
> If
> I am dialed in, the offending entity will hang up with my ISP, then begin
> dialing on its own. The bug will make 11 or so attempts before giving up
> until later.
>
> Watching Task Manager closely during an episode, there is no noticeable
> activity under Processes. However, I believe I have halted the bug in
> mid-stream by closing all instances of Internet Explorer 6, unless of
> course
> the bug simply reached its set number of attempts.
>
> My Norton AV expired some time ago, but I am up to date with Windows
> Updates. I didn't think anything like this would creep in before I
> renewed
> my license. I have some experience removing viruses manually through the
> registry, but this bug has alluded me thus far.
>
> Can anyone suggest a resource for identifying and removing this bug? Or
> do
> you have a preferred software for removing this particular type of bug?
>
> Thanks for any help!
> Bryan
>
>


I fully agree with what Quaestor writes but I am concerned about
your statement "I have some experience removing viruses". It
suggests one of two things:

- You have a casual approach towards maintaining your virus
defences and/or your firewall.
- You frequently visit sits and open EMails that are known to
be risky.

If you pay attention to maintaining your protection up-to-date
and if you adopt safe computing habits then your system should
never suffer an infection. I am responsible for the maintenance
of a few hundred machines and they have been totally virus-free
for many years.
 
Q

Quaestor

Pegasus (MVP) wrote:

>I fully agree with what Quaestor writes but I am concerned about
>your statement "I have some experience removing viruses". It
>suggests one of two things:
>
>- You have a casual approach towards maintaining your virus
> defences and/or your firewall.
>- You frequently visit sits and open EMails that are known to
> be risky.
>
>If you pay attention to maintaining your protection up-to-date
>and if you adopt safe computing habits then your system should
>never suffer an infection. I am responsible for the maintenance
>of a few hundred machines and they have been totally virus-free
>for many years.
>


All I run is a hardware firewall, occasional scanning for any file I DL,
avoiding dangerous sites, and not running the garbage that comes with MS
browser and email programs. When on occasion I do DL a file, I only get
it from a trusted site, and then do nothing with it until it has been
scanned with a fully updated scanner (AVAST!). I do not run real-time
anti-virus or email checking, because the firewall stops the worms, the
scanning of files stops the trojans & virus, and I simply do not open
attachments to email unless they are from a friend and I was expecting
it. The result is that, other than the 2 times I got hit when I first
went to win2k (which shot right past the software firewall), I have
never had a virus/trojan/worm. IOW, good sense and a good firewall are
the real protectors.

--
Those who try to hide behind Godwin are the real net-nazis.
Philosophy: Joking about why we cuss so much.
Learn about spam: http://www.seige-perilous.org/spam/spam.html
[fourth line intentionally left blank]
 
A

Andrew Rossmann

In article <13aj0h543dh1mf0@news.supernews.com>, no.spam@my.place
says...
> Bryan Elwood wrote:
>
> >My Windows 2000 system has begun to spontaneously dial a foreign country
> >through my dial-up modem.

^^^^^^^^^^^^^

> AND DON'T LET THIS HAPPEN AGAIN. Do NOT connect to the internet without
> a Hardware firewall running (an nforce mobo with separate fw processor
> works fine, contrary to what the shills will tell you


How many HW firewalls support dial-up? Typically, the modem is internal
to the computer (especially if it's a laptop.) The only firewall really
possible in that case is a software one. Not every can afford, or can
even get, broadband.

--
If there is a no_junk in my address, please REMOVE it before replying!
All junk mail senders will be prosecuted to the fullest extent of the
law!!
http://home.att.net/~andyross
 
Q

Quaestor

Andrew Rossmann wrote:

>In article <13aj0h543dh1mf0@news.supernews.com>, no.spam@my.place
>says...
>
>
>>Bryan Elwood wrote:
>>
>>
>>
>>>My Windows 2000 system has begun to spontaneously dial a foreign country
>>>through my dial-up modem.
>>>
>>>

> ^^^^^^^^^^^^^
>
>
>
>>AND DON'T LET THIS HAPPEN AGAIN. Do NOT connect to the internet without
>>a Hardware firewall running (an nforce mobo with separate fw processor
>>works fine, contrary to what the shills will tell you
>>
>>

>
>How many HW firewalls support dial-up? Typically, the modem is internal
>to the computer (especially if it's a laptop.) The only firewall really
>possible in that case is a software one. Not every can afford, or can
>even get, broadband.
>


Is there some reason you cannot connect a firewall to a modem?

--
Those who try to hide behind Godwin are the real net-nazis.
Philosophy: Joking about why we cuss so much.
Learn about spam: http://www.seige-perilous.org/spam/spam.html
[fourth line intentionally left blank]
 
A

Andrew Rossmann

In article <13al7ma7drnt788@news.supernews.com>, no.spam@my.place
says...
> Andrew Rossmann wrote:
> Is there some reason you cannot connect a firewall to a modem?


The HW firewall would need to support a serial (or maybe USB) port, and
support dialing the ISP, and handling the login information. For a home
user, that could be messy as it may be online when you don't want it to
be.

Most HW firewalls just go in-line between the broadband connection
(cable or DSL modem, T1, etc...) and the internal router or hub or
switch. Many routers have some basic firewall in them. You still need an
Ethernet input to the firewall/router.

--
If there is a no_junk in my address, please REMOVE it before replying!
All junk mail senders will be prosecuted to the fullest extent of the
law!!
http://home.att.net/~andyross
 
Q

Quaestor

Andrew Rossmann wrote:

>In article <13al7ma7drnt788@news.supernews.com>, no.spam@my.place
>says...
>
>
>>Andrew Rossmann wrote:
>>Is there some reason you cannot connect a firewall to a modem?
>>
>>

>
>The HW firewall would need to support a serial (or maybe USB) port, and
>support dialing the ISP, and handling the login information.
>


Why can't the modem handle that?

>For a home
>user, that could be messy as it may be online when you don't want it to
>be.
>
>Most HW firewalls just go in-line between the broadband connection
>(cable or DSL modem, T1, etc...) and the internal router or hub or
>switch.
>


Most == All?

>Many routers have some basic firewall in them. You still need an
>Ethernet input to the firewall/router.
>


My first firewall was an older PC running redhat linux and an esmith
server (free for download). Dialup modem connected that to the net, and
ethernet connected to the other pc. Later switched to DSL, easy and
quick. This sort of thing is hardly a difficult setup to achieve.

If it is true that no combination of dialup modem and firewall can be
found that works together, the only solution to the constant barrage of
haking and probing is to stay off the net. Software firewalls are not
even bandaids.

--
Those who try to hide behind Godwin are the real net-nazis.
Philosophy: Joking about why we cuss so much.
Learn about spam: http://www.seige-perilous.org/spam/spam.html
[fourth line intentionally left blank]
 
J

John John

Quaestor wrote:

> Andrew Rossmann wrote:
>
>> In article <13al7ma7drnt788@news.supernews.com>, no.spam@my.place says...
>>
>>
>>> Andrew Rossmann wrote:
>>> Is there some reason you cannot connect a firewall to a modem?
>>>

>>
>>
>> The HW firewall would need to support a serial (or maybe USB) port,
>> and support dialing the ISP, and handling the login information.
>>

>
> Why can't the modem handle that?
>
>> For a home user, that could be messy as it may be online when you
>> don't want it to be.
>>
>> Most HW firewalls just go in-line between the broadband connection
>> (cable or DSL modem, T1, etc...) and the internal router or hub or
>> switch.
>>

>
> Most == All?
>
>> Many routers have some basic firewall in them. You still need an
>> Ethernet input to the firewall/router.
>>

>
> My first firewall was an older PC running redhat linux and an esmith
> server (free for download). Dialup modem connected that to the net, and
> ethernet connected to the other pc. Later switched to DSL, easy and
> quick. This sort of thing is hardly a difficult setup to achieve.
>
> If it is true that no combination of dialup modem and firewall can be
> found that works together, the only solution to the constant barrage of
> haking and probing is to stay off the net. Software firewalls are not
> even bandaids.


it's better than nothing and it does keep things out. Those with
properly configured software firewalls were mostly spared from such
things as msblast, sasser or whatever their names were when they came
out and inflicted their misery on hundreds of thousands of computers.

Two points to keep in mind:

1- Dialup connections are not as vulnerable to attacks as
broadband/high speed internet connections.

2- As much as it may shock you, in many areas the only available
connections to the internet are dialup connections. In some places
where more choice is available, but where there is no effective
competition, some consumers might not be able to afford the large price
premium that is demanded for high speed service.

Hardware firewall for dialup modems has been getting increasingly harder
to find. If you have a small network and use ICS you are using NAT.

These hardware firewalls are dialup capable:
http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS338.aspx
http://www.netgear.com/Products/VPNandSSL/WirelessVPNFirewallRouters/FWG114P.aspx

John
 
Q

Quaestor

John John wrote:

> 1- Dialup connections are not as vulnerable to attacks as
> broadband/high speed internet connections.



Just as vulnerable, but less targeted, because most reputable ISP do not
accept email from dialup netranges (such users should be sending mail
through their ISP's mail server, not their own).

> 2- As much as it may shock you, in many areas the only available
> connections to the internet are dialup connections.



I never said otherwise. The question was about avoiding getting
haked/wormed.

> Hardware firewall for dialup modems has been getting increasingly
> harder to find. If you have a small network and use ICS you are using
> NAT.



It may not be pretty, but NAT works.


--
Those who try to hide behind Godwin are the real net-nazis.
Philosophy: Joking about why we cuss so much.
Learn about spam: http://www.seige-perilous.org/spam/spam.html
[fourth line intentionally left blank]
 
D

DL

Its not a bug
Your system is infected

"Bryan Elwood" <belwood1grass@airmail.net> wrote in message
news:eykN8f$zHHA.3600@TK2MSFTNGP04.phx.gbl...
> My Windows 2000 system has begun to spontaneously dial a foreign country
> through my dial-up modem. It occurs at random times throughout the day.
> If
> I am dialed in, the offending entity will hang up with my ISP, then begin
> dialing on its own. The bug will make 11 or so attempts before giving up
> until later.
>
> Watching Task Manager closely during an episode, there is no noticeable
> activity under Processes. However, I believe I have halted the bug in
> mid-stream by closing all instances of Internet Explorer 6, unless of
> course
> the bug simply reached its set number of attempts.
>
> My Norton AV expired some time ago, but I am up to date with Windows
> Updates. I didn't think anything like this would creep in before I
> renewed
> my license. I have some experience removing viruses manually through the
> registry, but this bug has alluded me thus far.
>
> Can anyone suggest a resource for identifying and removing this bug? Or
> do
> you have a preferred software for removing this particular type of bug?
>
> Thanks for any help!
> Bryan
>
>
 
Back
Top Bottom